USG40 - disable DPD on IKEv2
train_wreck
Posts: 5 
Freshman Member
Freshman Member
I want to disable DPD on an IKEv2 site-to-site tunnel. How do I do this? There is no "dpd" command available under "ikev2 policy <policyname>". The only setting available is "dpd-interval", and the only valid values are 15-60. There is no option in the GUI. I tried "no dpd-interval", and the CLI accepted the input, but the DPDs continue to be sent, and the CLI still reports it being enabled when running "show ikev2 policy". Firmware is latest version available as of this post.
What's the secret here?
0
All Replies
-
Hi @train_wreck
The DPD function can be disabled by CLI command:
Router(config-ikev2 NAME)# no dpd-interval
However, this will disable the DPD sending out proactively
If peer side DPD still working, the device will reply it.
So this function need to be disabled on both of sides.
The DPD function is a mechanism to check peer device networking status to prevent zombie tunnel situation and it is enabled by default. It’s also recommended to enable it on both sites.
0
Zyxel Employee
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 168 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 368 USG FLEX H Series
- 294 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.7K Consumer Product
- 265 Service & License
- 409 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
